ietf-asrg

[Asrg] Taxonomy of anti-spam systems

2003-03-09 20:16:58
Here is a first draft of a taxonomy of anti-spam systems. I've classified
the systems into spam prevention, spam deterrence, and spam reduction
systems.


1)      Spam Prevention Approaches - These systems aim to prevent the
spread of spam messages. There are fail-open and fail-closed systems.
Fail-open systems aim to detect unwanted messages; just as in intrusion
detection, there are signature-based and anomaly detection-based schemes.
I've marked them below as either [SB] or [AD]. Another useful view would be
whether systems are implemented at the ingress or egress.

        a)      Fail-Open (determine unwanted messages)
                i)      Human Determination
                        (1)     Collaborative filtering (i.e., razor) [SB]
                ii)     System Determination
                        (1)     Who is it from? 
                                (a) Traditional Blacklists [SB]
                                (b) reputation systems [AD]
                        (2)     What is in it? (Content Filtering)
                                (a)     Static lists [SB]
                                (b)     Learning methods [AD]
                        (3)     How was it sent?
                                (a)     Forged info? (i.e. reverse lookups) [AD]
                                (b)     Envelope characteristics; delivery path information [SB/AD]
                        (4)   Other properties
                                (a) bulk determination (i.e. DCC)
                                
 
        b)      Fail-Closed (determine wanted messages)
                i)      Whitelists
                        (1)     Basic
                        (2)     Verified
                                (a)     Authenticated sender identity
                                (b)     Token supported         
                                (c)     Disposable email addresses
                        (3)  Used in Fail-open systems 
                                (a) normal whitelists
                                (b) Third-party lists (i.e. trusted sender)
                ii)     Challenge/response systems
                        (1)     Basic   
                        (2)     Human verification (i.e. Turing tests)

2)      Spam Deterrence Approaches - These systems aim to deter spamming
activities. In most areas of life, deterrence is achieved by introducing the
ability to identify and track wrongdoers. These systems can provide input to
spam prevention systems. Also, these systems are useful with the presence of
laws to prosecute the wrongdoers that are identified and tracked.

        a)      Authentication
        b)      Tracking
        c)      Non-repudiation

3)      Spam Reduction - These systems aim to reduce the level of spam by
making it more costly or timely to have the messages delivered.
Independently, this type of system does not aim to identify or block spam,
but simply to change the characteristics of the spam to reduce the amount of
spam. These systems can be used in conjunction with deterrence or prevention
systems.

        a)      Cost-based Systems (increase cost of spamming)
        b)      Proof-of-work (i.e. hashcash)
        c)      Rate limiting
                i)      Ingress
                ii)     egress



I'm not fully comfortable with the spam reduction being a third category,
but I am currently not sure how to better classify them. What classes of
techniques did I miss? Once we add other classes and see if there are better
ways to classify these, we will begin to build this out into a survey of the
systems in each class. I have a draft of some of this done, but I want to
get feedback on the taxonomy before dumping that on the list.

Paul